In the end, this is about economics and trade-offs. While the code is
technically sometimes both inefficient and inelegant, there are too few
people who work on it to make re-writing code a good use of our time.
If GnuTLS was a larger and funded project like OpenSSL, NSS, or
OpenLDAP, things may be different.

I'll note that when I embarked on performance analysis of OpenLDAP back in
2001, http://www.openldap.org/lists/openldap-devel/200109/msg00065.html all of
my work was funded by my bank account. There was pretty much no commercial
interest in OpenLDAP until several years later, long after our major
performance overhauls were done. After we had consistently demonstrated that
the rewritten codebase performed better than anything else out there. The
Project's growth didn't really accelerate until after that groundwork was done.